STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Processes (services, applications, etc.) that connect to the DBMS independently of individual users, must use valid, current DoD-issued PKI certificates for authentication to the DBMS.

DISA Rule

SV-219777r397600_rule

Vulnerability Number

V-219777

Group Title

SRG-APP-000177-DB-000069

Rule Version

O112-C2-015501

Severity

CAT II

CCI(s)

• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.

Weight

10

Fix Recommendation

For each such account, use DoD certificate-based authentication.

Check Contents

Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD-issued PKI certificates.

If any such account, other than SYS, is not certificate-based, this is a finding.

Vulnerability Number

V-219777

Documentable

False

Rule Version

O112-C2-015501

Severity Override Guidance

Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD-issued PKI certificates.

If any such account, other than SYS, is not certificate-based, this is a finding.

Check Content Reference

M

Target Key

4057

Comments